Hackers Set Fire To An Iranian Steelworks

It's extremely rare for hackers, who operate in the digital world, to cause damage in the physical world, but a cyber attack on a steel maker in Iran is being seen as a significant event.

The attack caused "massive damage" to a steel factory, causing an emergency shutdown.

A hacking group calling itself 'Predatory Sparrow' has claimed responsibility for the attack, which it said caused a serious fire and has subsequently released a video to back up its story. 

The video appears to be CCTV footage of the incident, showing factory workers leaving part of the plant before a machine starts spewing molten steel and fire. The video ends with people pouring water on the fire with hoses. In another video that surfaced online, factory staff can be heard shouting for firefighters to be called and describing damage to the equipment. 

Now, security experts are asking who is behind 'Predatory Sparrow' which some say is state-sponsored military hacking group. Its name, a play on the name of the Iranian cyber warfare group, Charming Kitten, could be a clue suggesting that it's a country with a strong interest in Iran. Also known by its Persian name, 'Gonjeshke Darande' the group say this was one of three attacks it carried out against Iranian steel makers in June, in response to unspecified acts of "aggression" carried out by the Islamic Republic.

The group has also started sharing gigabytes of data it claims to have stolen from the companies, including confidential emails. On its Telegram page Predatory Sparrow posted: "These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber attacks, being carried out carefully to protect innocent individuals." That last sentence has attracted considerable attention as, from their public claim, the hackers knew that they were putting lives in danger and were careful to make sure the factory was empty before launching their attack. 

This has led many to wonder whether Predatory Sparrow is a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation.

"They claim themselves to be a group of hacktivists, but given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state," says Itay Cohen, head of cyber research at Check Point Software.

Iran has been the victim of a spate of recent cyber-attacks that have had an impact in the real world but nothing as serious as this since the 2010 Stuxnet attack on Iran's uranium enrichment facilities. Stuxnet was a computer virus that damaged or destroyed centrifuges at Iran's uranium enrichment facility in Natanz, hampering its nuclear programme. The attack has been widely attributed to Israel and US military hackers working in combination, although this has never been officially confirmed.  

Since Stuxnet, there have been very few confirmed cases of physical damage and nation-state cyber attacks of this kind are more commonly designed to cause disruption, without causing real physical damage. That may now be about to change.

If Predatory Sparrow is a state-sponsored military hacking group, which country does it represent? According to Israeli media reports, Defence Minister Benny Gantz has ordered an investigation into leaks that led to Israeli journalists heavily hinting that Israel is behind the hack. The minister is possibly concerned that Israel's "ambiguity policy" on its operations against Iran might have been broken.

In October last year Predatory Sparrow claimed responsibility for taking Iran's national fuel station payment system offline. The group also said it had been behind a hack that hijacked digital billboards on roads, making them display a message saying, "Khamenei, where is our fuel?" - a reference to the country's supreme leader, Ayatollah Ali Khamenei. In both cases, the hackers showed a degree of responsibility by warning Iran's emergency services in advance about the potential chaos that could result.

Check Point researchers say they have also found code in the malicious software used by Predatory Sparrow that matches code used by another group, called Indra, that is thought to have hacked Iranian train station displays in 2021. The steel factory attack, however, is a sign that the stakes are getting higher.

IQStock:    HeadTopics:     BBC:     Yahoo:        Shout Radio:    Userwalls:     Nation World News:  

You Might Also Read: 

Israel & Iran Locked In Cyber Conflict:

 

« Migrating to the Cloud: Security Risks and Concerns
Millions Of Canadian Households & Businesses Offline »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

HackerOne

HackerOne

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

Applied Security (APSEC)

Applied Security (APSEC)

APSEC provides products and services in the areas of encryption, digital signature, authentication and data loss prevention.

SoSafe

SoSafe

Modern awareness training that works. With memorable content on all areas of IT security, with measurable learning success and full data protection compliance.

Adlumin

Adlumin

Adlumin's cloud-native SIEM is built exclusively for financial institutions to help manage evolving threats and cybersecurity compliance requirements.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.